Skip to main content

Hi Led Wr120 G2 Firmware EUVDEUVD-2026-19093

| CVE-2026-5572 LOW
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-04-05 cna@vuldb.com GHSA-5fff-9c5f-h2fx
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

5
Severity Changed
Apr 29, 2026 - 01:11 NVD
MEDIUM LOW
CVSS changed
Apr 29, 2026 - 01:11 NVD
5.3 (MEDIUM) 2.1 (LOW)
EUVD ID Assigned
Apr 05, 2026 - 14:22 euvd
EUVD-2026-19093
Analysis Generated
Apr 05, 2026 - 14:22 vuln.today
CVE Published
Apr 05, 2026 - 14:16 nvd
MEDIUM 5.3

DescriptionCVE.org

A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Technostrobe HI-LED-WR120-G2 version 5.5.0.1R6.03.30 is vulnerable to cross-site request forgery (CSRF) in an unknown function, allowing remote attackers to perform unauthorized actions via a specially crafted request requiring user interaction. Public exploit code is available, and the vendor has not responded to early disclosure attempts, leaving deployed devices potentially at risk.

Technical ContextAI

This vulnerability exploits a cross-site request forgery (CWE-352) weakness in Technostrobe HI-LED-WR120-G2, a networked LED control device. CSRF attacks manipulate authenticated users into performing unintended actions on a target application by tricking their browser into issuing forged requests. The affected firmware version 5.5.0.1R6.03.30 lacks proper CSRF protections (such as anti-CSRF tokens or SameSite cookie attributes) in at least one unidentified endpoint. Since the device is network-accessible (AV:N) and the attack requires minimal complexity (AC:L) with user interaction (UI:P), attackers can craft malicious web pages or emails that, when visited by an administrator, silently modify device settings or configurations.

RemediationAI

No vendor-released patch has been identified at time of analysis due to vendor non-responsiveness. Organizations operating HI-LED-WR120-G2 devices should implement network-level mitigations: restrict administrative access to trusted internal networks only, disable remote management interfaces if not required, and implement web application firewalls with CSRF protection rules. Additionally, configure devices to use secure cookie flags (SameSite=Strict if supported) and educate administrators to avoid clicking links from untrusted sources while logged into device management interfaces. Users should contact Technostrobe directly to request patched firmware; if unavailable, consider isolating affected devices or replacing them with alternative LED controllers from vendors with active security support. References: https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-04-CSRF.md, https://vuldb.com/vuln/355342.

Share

EUVD-2026-19093 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy